Reusable CTF Cybersecurity Recruitment

Recruiting cybersecurity talent is challenging. The number of jobs available by far exceeds the number of applicants. Companies need to find new ways to attract the interest of the best potential employees. Capture The Flags, or CTFs, are a popular kind of computer security competition where teams or individuals are pitted against each other in a test of computer security skills. 

In this project, we will explore the feasibility of creating a reusable CTF infrastructure that can be used for recruitment and talent evaluation.

High level description

Capture the Flag (CTF) is an exercise in which "flags” in the form of some kind of message or digital token are hidden in purposely-designed vulnerable systems, programs or websites. Competitors steal flags either from other competitors (attack/defense-style) or from the organizers (jeopardy-style challenges). Competitions exist both online and in-person. The game is based on the traditional outdoor sport of the same name. 

In this project we will explore the possibilities to use a CTF framework for recruitment with focus on product cyber security, determine how it could be implemented in a way that would allow it to be reused for new applicants and evaluate the practical feasibility of such an implementation.

Who are we looking for?

We are looking for two or three individuals with an interest and knowledge in product cybersecurity, IT, penetration testing, programming, scripting and challenging games. This work is suitable for anyone studying computer engineering or equivalent at bachelor or master level.

Project description 

Typically, each CTF participant is given access to a website, virtual machine, network or hardware. Challenges usually involve having to figure out how to bypass security measures, read obscured data or decrypt transmitted messages. Activities include reverse-engineering, packet sniffing, protocol analysis, injection, cross-site scripting, system administration, programming, cryptoanalysis, steganography and forensics, among many others. 

In this project common CTF game rules, play styles, mechanics, implementation techniques and limitations will be documented and evaluated. Based on this evaluation, a subset (and potentially entirely new features) will be chosen based on their respective suitability for the task at hand for further analysis. Ideas regarding how these could be implemented in a fashion which allows them to be reused again and again with new users without compromising the road to a solution will be generated and evaluated. Finally a prototype design will be designed, implemented and demonstrated. 

The major problem that would need to be solved will most likely prove to be how to be able instantiate unique versions of the challenge where solutions to previous instances leaked online are of little assistance, ensuring that it is usable by a single individual without being time-sensitive and provide a reasonable assessment of the challenger's skill while still being fun and engaging.

Purpose

The aim of this project is to investigate the feasibility and implement a prototype framework of a reusable CTF recruitment tool